CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/apple_ios/browser/webkit_trident.md
Views: 1904
Description
This module exploits a UAF vulnerability in WebKit's JavaScriptCore library, CVE-2016-4657.
Vulnerable Application
The exploit should work on 32-bit or 64-bit devices running iOS 9.3.4 or earlier, though it has been tested so far on 64-bit devices running 9.3.1.
Verification Steps
Start msfconsole
use exploit/apple_ios/browser/webkit_trident
set LHOST
andSRVHOST
as appropriateexploit
Browse to the given URL with a vulnerable device from Safari
Note that the payload is specially created for this exploit, due to sandbox limitations that prevent spawning new processes.